UNIT - IV

SaaS Software Development Prespectives

The Scope of SaaS

In recent years, the software-as-a-service (SaaS) business has experienced
tremendous expansion. Indeed, the SaaS market is predicted to rise
internationally between 2020 and 2025.

Experts predict that the cloud computing market all around the world will rise
from $371.4 billion in 2020 to $832.1 billion in 2025.

More than 60% of decision-makers worldwide have already implemented cloud

service bundles into their enterprises.

SaaS apps, considered a great alternative to conventional software, have

established themselves as a new business standard. It is an excellent alternative
for SMEs because it is less expensive than in-house software.

Challenges of SaaS Software Development

Ensure Project Duration
SaaS is challenging to develop since it takes significant time and money to get
everything correctly. The pandemic pushed the deadlines even further. The
biggest obstacle is faster time to market, as your rivals would want to introduce
their products at a time when market demand is high. When the epidemic
struck, software engineers became in high demand among organizations eager
to deliver and maintain new remote work technologies as soon as possible.

As a result, you must plan, develop, execute, test, release, & sell your product
as soon as possible. And this is despite a scarcity of experienced engineers with
relevant experience. Low-code development & BaaS, for example, significantly
minimize the time required to set up a SaaS development platform.

Ability to Scale
Your app’s performance will be negatively affected if your infrastructure
cannot handle spikes in load. Your clients face financial losses if the mission-
critical SaaS application on which they rely is inaccessible. As a result, your
platform must support both vertical and horizontal scaling. It means you must
add more assets to a single program as needed or automatically start and shut
down different app versions.
Scalability concerns must be considered throughout the design phase. You must
grasp how SaaS apps function to comprehend how SaaS development works for
your project, whether it is scaling up or down your productivity, and much more.

Data Security
To keep your client’s personal information safe and secure, design your
application and use cloud security capabilities. The most basic solution to this
problem is to avoid keeping essential data in plaintext and instead utilize
hashes.

Docker container security, temporary passwords, decoupled microservices, and

a myriad of other cybersecurity features may help protect your users’ personal
information. However, It is challenging to configure usage-intensive SaaS
applications without in-depth cybersecurity knowledge.

Adaptability
The primary benefit of SaaS apps is that their infrastructure is hosted in the
cloud, eliminating the need for dedicated servers in on-premise or remote data
centers. Amazon Web Services, Microsoft Azure, & Google Cloud backup your
files. Also, it ensures system uptime, guaranteeing that your SaaS is always
accessible.

However, this comes with a large monthly subscription fee, so if you want to save
money, plan on developing and deploying your backup solution.

Efficiencies in Costs
Your customers may be unwilling (or unable) to pay that much for your SaaS.
As a result, you may need to devise a method of making money via selling
subscriptions. Conduct rigorous market research to determine whether your
target market can pay the price of your product.

As a result, maintaining product pricing is critical because it includes regular

maintenance, software updates, and other expenses.

Finding a reliable SaaS software development partner allows your company to

have access to a talent pool and best practices, guaranteeing that your Software
-as-a-Service development is thriving.

Challenges of Cloud Computing

1. Data Security and Privacy

Data security is a major concern when working with Cloud environments. It is
one of the major challenges in cloud computing as users have to take
accountability for their data, and not all Cloud providers can assure 100%
data privacy. Lack of visibility and control tools, no identity access
management, data misuse, and Cloud misconfiguration are the common
causes behind Cloud privacy leaks. There are also concerns with insecure APIs,
malicious insiders, and oversights or neglect in Cloud data management.
2. Multi-Cloud Environments
Common cloud computing issues and challenges with multi-cloud
environments are - configuration errors, lack of security patches, data
governance, and no granularity. It is difficult to track the security
requirements of multi-clouds and apply data management policies across
various boards.
3. Performance Challenges
The performance of Cloud computing solutions depends on the vendors who
offer these services to clients, and if a Cloud vendor goes down, the business
gets affected too. It is one of the major challenges associated with cloud
computing.
4. Interoperability and Flexibility
Interoperability is a challenge when you try to move applications between two
or multiple Cloud ecosystems. It is one of the challenges faced in cloud
computing. Some common issues faced are:
 Rebuilding application stacks to match the target cloud environment's
specifications
 Handling data encryption during migration
 Setting up networks in the target cloud for operations
 Managing apps and services in the target cloud ecosystem
5. High Dependence on Network
Lack of sufficient internet bandwidth is a common problem when transferring
large volumes of information to and from Cloud data servers. It is one of the
various challenges in cloud computing. Data is highly vulnerable, and there is
a risk of sudden outages. Enterprises that want to lower hardware costs
without sacrificing performance need to ensure there is high bandwidth, which
will help prevent business losses from sudden outages.
6. Lack of Knowledge and Expertise
Organizations are finding it tough to find and hire the right Cloud talent,
which is another common challenge in cloud computing. There is a shortage of
professionals with the required qualifications in the industry. Workloads are
increasing, and the number of tools launched in the market is increasing.
Enterprises need good expertise in order to use these tools and find out which
ones are ideal for them.
7. Reliability and Availability
High unavailability of Cloud services and a lack of reliability are two major
concerns in these ecosystems. Organizations are forced to seek additional
computing resources in order to keep up with changing business requirements.
If a Cloud vendor gets hacked or affected, the data of organizations using their
services gets compromised. It is another one of the many cloud security risks
and challenges faced by the industry.
8. Password Security
Account managers use the same passwords to manage all their Cloud accounts.
Password management is a critical problem, and it is often found that users
resort to using reused and weak passwords.
9. Cost Management
Even though Cloud Service Providers (CSPs) offer a pay-as-you-go
subscription for services, the costs can add up. Hidden costs appear in the
form of underutilized resources in enterprises.
10. Lack of expertise
Cloud computing is a highly competitive field, and there are many
professionals who lack the required skills and knowledge to work in the
industry. There is also a huge gap in supply and demand for certified
individuals and many job vacancies.
11. Control or Governance
Good IT governance ensures that the right tools are used, and assets get
implemented according to procedures and agreed-to policies. Lack of
governance is a common problem, and companies use tools that do not align
with their vision. IT teams don't get total control of compliance, risk
management, and data quality checks, and there are many uncertainties faced
when migrating to the Cloud from traditional infrastructures.
12. Compliance
Cloud Service Providers (CSP) are not up-to-date when it comes to having the
best data compliance policies. Whenever a user transfers data from internal
servers to the Cloud, they run into compliance issues with state laws and
regulations.
13. Multiple Cloud Management
Enterprises depend on multiple cloud environments due to scaling up and
provisioning resources. One of the hybrid cloud security challenges is that
most companies follow a hybrid cloud strategy, and many resort to multi-
cloud. The problem is that infrastructures grow increasingly complex and
difficult to manage when multiple cloud providers get added, especially due to
technological cloud computing challenges and differences.
14. Migration
Migration of data to the Cloud takes time, and not all organizations are
prepared for it. Some report increased downtimes during the process, face
security issues, or have problems with data formatting and conversions. Cloud
migration projects can get expensive and are harder than anticipated.
15. Hybrid-Cloud Complexity
Hybrid-cloud complexity refers to cloud computing challenges arising from
mixed computing, storage, and services, and multi-cloud security causes
various challenges. It comprises private cloud services, public Clouds, and on-
premises infrastructures, for example, products like Microsoft Azure and
Amazon Web Services - which are orchestrated on various platforms.
Cloud Aware Software Development
Building secure, cloud aware and hyperscale applications with high
performance and low latency commuinication for distributed systems requires
a sound software development strategy, which needs to be built on the
foundation of cloud computing technology from the ground up using a new
methodology (and/or a manifesto) to write software which can run as a service
(SaaS).

Crafting Hyperscale Software as a Services

As we move beyond the cloud into hyperscale computing, we introduce a new way
of thinking for building applications for the cloud. In the cloud era applications
are built as a collection of cloud services, or APIs, which need a new design
paradigm with performance and scaling in mind.

Our software engineering and development operation teams undertsand how to

build and monitor cloud aware applications which can scale under an increased
load by automatically spinning up additional resources that are needed on
demand and exactly here is our knowledge where we help organizations to build
secure, resilient and high scalable software services.

Simple, Pragmatic and Resilient

We strongly believe in the value of simplicity and pragmatism by crafting
software to run as a service and apply principles like resiliency, immutability,
workflow automation and codification.

We help our customers to benefit from the unique characteristics of the cloud-
computing paradigm by adapting the new architectural design patterns to
build cloud aware software services for humans
Cloud Networking
Cloud Networking is service or science in which company’s networking
procedure is hosted on public or private cloud. Cloud Computing is source
manage in which more than one computing resources share identical platform
and customers are additionally enabled to get entry to these resources to
specific extent. Cloud networking in similar fashion shares networking
however it gives greater superior features and network features in cloud with
interconnected servers set up under cyberspace.
 Why cloud networking is required and in-demand?

 It is in demand by many companies for their speedy and impervious delivery,

fast processing, dependable transmission of information without any loss,
pocket-friendly set-up. Benefited corporations who select Cloud Networking
consist of internet service providers, e-commerce, cloud service providers,
community operators, cloud service providers.
 It permits users to boost their networks in accordance with necessities
in cloud-based services. An actual cloud network provides high-end
monitoring to globally positioned servers, controls site visitors flow between
interconnected servers, protects structures with superior network safety,
and offers visibility to user by means of its centralized management.
 It ensures overall performance and safety in multi-cloud surrounding so
that Information technology receives greater visibility by means of supplying
end-users with necessities and experience they need. Workloads are shared
between cloud surroundings using software program as provider application.
 Software-Defined Wide Area Network is technology that makes use of bunch
of networking switches and routers to virtually get entry to machine from
hardware to software program deployed on white box.

Advantages of Cloud Networking :

1. On-Demand Self Service – Cloud computing provides required application,
services, and utility to client. With login key, they can begin to use besides
any human interplay and cloud service providers. It consists of storage and
digital machines.
2. High Scalability – It requests grant of resources on large scale besides any
human intervention with every service provider.
3. Agility – It shares the assets efficiently amongst customers and works
quickly.
4. Multi-sharing – By distributed computing, distinctive clients from couple of
areas share identical resources through fundamental infrastructure.
5. Low Cost – It is very economical and can pay in accordance with its usage.
6. Services in pay per use Model – Application Programming Interface is given
to clients to use resources and offerings and pay on service basis.
7. High availability and Reliability – The servers are accessible at the proper
time besides any delay or disappointment.
8. Maintenance – It is user-friendly as they are convenient to get entry to from
their location and does not require any installation set up.
Disadvantages of Cloud Networking :
1. Dependency on internet connectivity – Cloud networking requires a strong
and reliable internet connection. If the connection is slow or unreliable, it
can cause performance issues and disrupt network access.
2. Security concerns – Cloud networks are susceptible to cyber-attacks, and
security breaches can compromise the sensitive data stored on the cloud.
This risk is mitigated through proper security measures, but there is always
some level of vulnerability.
3. Limited control – When you use a cloud network, you are dependent on the
cloud provider to manage and maintain the network infrastructure. This
can limit your control over the network and how it is managed.
4. Cost – Cloud networking can be expensive, particularly for large-scale
 enterprise networks. The costs can add up quickly, especially when you
factor in the ongoing maintenance and support costs.
5. Lack of customization – Cloud networking solutions are typically pre-
configured and may not offer the level of customization that some
organizations require. This can limit your ability to tailor the network to
your specific needs.
Challenges in Datacenter Networking
Data Security
One consistent source of datacenter networking challenges is security. A
data breach could cost millions of dollars in lost intellectual property, private
data leakage, and stolen personal information.

Power Management
While server consolidation and virtualization reduce the amount of
hardware in the data center, they do not always lower energy consumption.
Despite being significantly more efficient, blade servers consume four to five
times the energy of previous data storage technologies.Power and cooling
requirements are becoming more important as equipment requirements change.

Capacity Planning
Maintaining optimum performance requires operating the data center at
maximum capacity. Still, IT managers often leave a margin for error, a
capacity protection gap, to ensure that activities do not suffer interruptions.
Over-provisioning is costly and a waste of computing space, computer
processing power, and electricity.

The Internet of Things (IoT)

The capability to control sensors remotely in almost every system is
raising plenty of additional issues for data centers. The Internet of Things,
according to Gartner, is a disruptive force that will transform the data center,
owing to the sheer volume of data it will produce. The IoT data will have to get
processed, prioritized, stored, and analyzed.

Mobile Enterprise
Datacenter networking challenges consequently plague mobile computing
service providers and their “personal device” strategies, just as they are by the
security of these devices. Employees have immediate access to business-critical
data through handheld devices, but these devices must remain controlled and
protected.

Real-Time Reporting
The importance of real-time data analytics and reporting is growing. Not
only are DCIM tools used to track physical data center activities, but big data
analytics enables real-time monitoring of irregularities or problems that may
show a security breach or other problem.

Balancing Cost Controls with Efficiency

Budgeting and cost management are ongoing issues for every department,
but the data center’s cost-control concerns are special. Whilst you want to
ensure that your data centers are effective, creative, and elegant, you must also
be mindful of cost control.

challenges faced by transport layer protocol

In the OSI (Open System Interconnection) model, the transport layer is
one of the seven layers and it is responsible for the end to end communication
between the sender and receiver over the internet. It provides logical
communication between the sender and receiver and ensures the end to end
delivery of the packet.
The transport layer main protocols are as follows −
 TCP (Transmission Control Protocol)
 UDP (User Datagram Protocol)
 SCTP (Stream Control Transmission Protocol)
 RDP (Reliable Data Protocol)
 RUDP (Reliable User Datagram Protocol)

Responsibilities of the transport layer

The responsibilities of the transport layer are as follows −
 It provides a process to process delivery or end to end delivery of the entire
message from the sender to the receiver.
 This layer checks for errors during transmission.
 It controls the flow control mechanism and prevents data loss due to the
speed mismatch of the sender and receiver.
 This layer divides the stream of bytes received from the upper layer into
segments at the sender side and reassembles at the receiver side.
Challenges
The main challenges to designing a transport layer protocol are given below −
 Dynamic Topology − Technology is changing day by day and it affects the
performance of the transport layer and will be slightly affected by these
changes.
 Power and Bandwidth constraints − In a wireless network, two main
constraints of power and bandwidth are faced. These constraints affect the
transport layer.
 To handle congestion control, reliability and flow control separately − If
we handle congestion control, reliability and flow control separately then
the performance of the transport layer is increased. But to handle these
separately is the additional control overhead.
Open Source support for cloud
Cloud computing stages is an on-demand openness of PC system
resources, especially data stockpiling and figuring power, without a direct
dynamic organization by the customer. The thought has advanced by a wide
edge all through the long haul and has isolated into iaas, paas, and much more
continue being discovered each passing season ahead. Distributed computing
stage is ideal for the current IT culture, and it isn’t going wherever, anytime
sooner rather than later.
Open source cloud software and solutions list:

1. Open Stack
2. Cloud Stack
3. Apache Mesos
4. Eucalyptus
5. Open Nebula
6. AppScale

1. Open Stack
Open stack is a lot of open source cloud software programming contraptions for
regulating distributed computing stages for public and private clouds. This
programming stage is contained interrelated parts that control grouped, multi-
dealer hardware pools of taking care of, amassing, and frameworks
organization resources all through a server farm. Open Stack could be
regulated through an electronic dashboard, through request line instruments,
or through peaceful web organizations.

Key Highlights of Open Stack:

• Limitless accumulating: Tremendous and level namespace, incredibly

versatile read/make access, prepared to serve substance clearly from the limit
structure.

• Multi-dimensional adaptability: cale-out designing: It scales vertically and

equitably scattered limit. It can back up and chronicles a ton of data with
straight execution.

• Record/holder: No settling, not a standard record system. It scales to various

petabytes just as billions of articles.

2. Cloud Stack
Cloud stack is an open source cloud software platform expected to pass on and
administer immense associations of the virtual machine, as a significantly
available, especially adaptable establishment as an assistance distributed
computing. It’s a java-based undertaking that gives an organization labourer,
and trained professionals (if essential) for hypervisor has so you can likewise
run an iaas cloud. Cloud stack as of now reinforces the most well-known
hypervisors: VMware, kvm, citric XenServer, xen cloud Stage (XCP), Prophet
VM specialist and MS Hyper-v.

Key Highlights of Cloud stack:

• Works with have running xen worker, kvm, Hyper-v, just as VMware esxi with
vsphere .

• Gives an agreeable Electronic UI to managing the cloud.

• Gives a nearby Programming interface. Customers can bargain their cloud

with an easy to use Web interface, request line mechanical assemblies, or
conceivably a full-included Serene Programming interface.

3. Apache Mesos
Apache mesos is a complete open-source solution that handles occupations
capably in a passed on the environment through ground-breaking resource
sharing just as disconnection. It dynamic PC processor, memory, storing, and
other register resources from machines, enabling issue liberal and adaptable
appropriated structures to be helpfully built and run sufficiently.

Features of Mesos

• Mesos is a cross-stage: It runs on Linux, osx and Windows. It is a Cloud

provider freethinker all the while.

• Local assistance for dispatching compartments with Docker and appc

pictures.

• Accomplishes staggering levels of High Availability: Issue tolerant repeated

master and experts using Creature controller. Non-hazardous updates.

4. Eucalyptus
Eucalyptus is an open source cloud software storage for building aws-feasible
private and hybrid clouds. It is a Linux based programming designing that
executes versatile private and cross variety cloud inside your present IT
establishment. As and on-premise System as a Help cloud game plan, it licenses
you to use your own collections of resources (hardware, storing, and association)
using a self-organization interface subordinate upon the circumstance.

Key Highlights of Eucalyptus:

• Design of Eucalyptus is awes Practical and appropriately has five key parts,
Cloud controller, Walrus, Pack controller, Accumulating controller, Center
controller and Euca2ool.

• Clients can likewise run Amazon or Eucalyptus machine pictures as events on

both the cloud.

• Since it is aws suitable, there is 100% AWS Programming interface similitude

ans maintain.

5. Open Nebula
Open nebula is clear yet mind boggling and versatile turnkey open source
answer for manufacture Private Cloud and regulate Worker ranch
virtualization. It completes IaaS. The chief open-source variation of Open
nebula was conveyed in Walk 2008.

Key Highlights of Open cloud:

• Fine-grained upper leg ligaments for resource task.

• Asset Offer the chiefs to follow and confine figuring, amassing and frameworks
organization resource utilization

• Dynamic creation of Bundles as pool of hosts that shares information stores

and virtual associations for load changing, high availability, and prevalent
enrolling.

6. AppScale
Appscale is an open source cloud software distributed computing stage that thus
passes on and scales unmodified Google Application Engine applications over
open and private fog systems. It’s a circled programming system that completes
a cloud stage as assistance (PaaS). In light of everything, AppScale is an easy to
-regulate worker less stage for building and for running flexible web and
versatile applications on any establishment. The objective of Appscale is to give
designers a quick, programming interface driven improvement stages that can
run application on any cloud foundation.

Highlights of AppScale:

• Snappy prototyping

• AppScale isn’t hard to use hence making associations favour it.

Open Source Tools for Cloud Infrastructure and Management

Cloud is not a new term and almost all enterprises use it in some way but the
bottleneck is to manage the huge Cloud Infrastructure. There are many Cloud
vendors those continuously provides new tools to help enterprise IT to build,
buy, manage, monitor, tweak and track cloud services. But their fees might
prick the companies budget pocket. So, here are some open source tools which
help you to build, manage and monitor networks of virtual machines, private
or hybrid clouds, tweak and track cloud services and much more…

1. OpenStack
OpenStack software allows data centers to pool the compute, storage, and
networking resources and manage them through a dashboard or via the
OpenStack API.
2. CloudStack
Apache CloudStack is designed to deploy and manage large networks of virtual
machines. This Apache Project offers a turnkey Infrastructure as a Service
(IaaS) cloud computing platform. It’s used both by public cloud computing
vendors and by organizations running their own private clouds.
3. Eucalyptus
Eucalyptus allows organizations to easily migrate apps and data to build
private or hybrid cloud environments that are compatible with Amazon Web
Services.
4. Synnefo
Synnefo is a complete cloud infrastructure stack that provides Network, Image,
Volume and Storage service. It manages Google Ganetti, OpenStack, and KVM.
5. FOSS-Cloud
The FOSS-Cloud is a Software that enables you to create your own Private or
Public Cloud. It is an integrated infrastructure to provide cloud-Services,
Windows or Linux based SaaS. FOSS-Cloud covers all of the aspects of an
Open Source IT environment.This multi-faced cloud computing solution
includes virtualization, cloud desktop, IaaS, PaaS and SaaS capabilities.
6. openQRM
openQRM software manages a data center’s infrastructure to build private,
public and hybrid IaaS (Infrastructure as a Service) clouds. This enterprise-
class tool combines data center management system administration and IaaS
provisioning into a single tool.
7. OpenShift
OpenShift’s helps you to make your job easier by taking care of all the messy IT
aspects of app development and allows you to focus on your job by Coding your
Application and satisfying your customers.
8. Cloud Foundry
Cloud Foundry is used to deploy your applications on a variety of
infrastructures, including Amazon Web Services, OpenStack, and vSphere. It
supports Java, Ruby, and Node applications out of the box.
9. Docker
Docker provides a highly reliable, low-cost way to quickly build, ship, and run
distributed applications at scale. It gives developers the freedom to define
environments and create apps faster and easier and flexibility for IT ops to
quickly respond to change.
10. Salt Stack
SaltStack software is easy enough to get running in seconds, scalable enough to
manage tens of thousands of servers, and fast enough to control and
communicate with them in milliseconds. SaltStack delivers a dynamic
infrastructure communication bus used for remote execution, configuration
management and much more.

Open-Source PaaS Tools

Cloud platform-as-a-service solutions, also referred to as PaaS, are
phenomenal resources for software engineers.

PaaS software provides things like development environments, prebuilt back-

end infrastructure, and deployment capabilities.

There are often reasonable pay-per-use pricing models for this software, but
smaller applications and companies using their own infrastructure might not
want hosted offerings.
1. OpenShift
OpenShift is a PaaS solution developed by the Red Hat community. It was
originally launched in 2011 and has quickly become one of the most widely used
PaaS solutions on the market.

Features: The self-service solution supports multiple languages, database types,

middleware components, and container types. OpenShift also has features to
instantly deploy code, develop locally, and automate builds.

What users are saying: Reviews about OpenShift on G2 Crowd are

overwhelmingly positive. Some call the solution "cutting edge" with its minimal
network latency for servers, reliable, and easy-to-use.

2. Dokku
Dokku advertises itself as “the smallest PaaS implementation you’ve ever seen,”
but that doesn’t mean it offers few features. The product was launched in 2013
as an open-source project by Docker.

Features: This streamlined version of a PaaS runs on a single designated server.

It has deployment features for managing logs and configurations, and making
remote commands. Other features include Docker container buildpacks,
configuration management tools and network management packages.

What users are saying: Out of all solutions on this list, Dokku has acquired the
most real user reviews on G2 Crowd. Most users recommend this PaaS solution,
regarding its installation time as "really fast," a tool focused on simplicity, and
rich with features.

3. Cloud Foundry
Cloud Foundry is an open source software project. The software was originally
developed by VMWare, then transferred to Pivotal and open sourced in 2014.
Since then, it has quickly become one of the most widely used PaaS solutions on
the market.

Features: The self-service solution supports multiple languages, database types,

middleware components and container types. The solution also has features to
instantly deploy code, develop locally and automate builds.

What users are saying: Most user reviews on G2 Crowd agree that Cloud
Foundry thrives at streamlining application development. One flaw users have
pointed out is that the documentation isn't as clear or comprehensive as
preferred.

4. Flynn
Flynn is a cloud PaaS and container management solution that’s been around
since 2013. The self-hosted tool has built in Postgres, MySQL,
and MongoDB databases.

Features: Flynn comes with a web dashboard and tools to monitor logs and
automate deployments and scaling. It also offers services to manage clouds and
clusters for you if your team doesn’t have the bandwidth to do it themselves.

What users are saying: Flynn has only acquired a few user reviews on G2 Crowd,
and the one common theme amongst these reviews is that the solution shows
potential, but is still in development.

Open Source Research Software

Cloud Computing Open Source Projects will cover the 1000’s of ideas for
developing open-source projects in the Cloud. We will follow our own words,
i.e., ‘your work is yours alone.’ It means that it will not share with other people.
Thus, the world spread with our unique ideas from all of them.

There are many services available for you, namely, ‘proposal writing, code
development, paper writing, publishing, and also thesis writing.’

Your code execution part is so special for you since it is a super chance for our
customers to get error-free codes. Further, our developers are experts in all the
simulation tools. Hence, we can also develop your Cloud Computing Open
Source Projects in any version of the simulation tool. Furthermore, all our
services are reliable and also secure at a low cost.

Cloud Computing Technologies

 Autonomic Techniques for Cloud Applications

 Policy Languages and also Programming Models
 Cloud Native enabled Applications
 Integration of Cloud Edge Devices and also Systems
 Virtualization Technologies and also Others
 Cloud Computing Middleware at all layers (XaaS)
Cloud Computing Technical Trends

 Clouds Legacy Applications

 Cloud Quality Assessment
 Power Consumption in MCC
 Security and Auditability also in Cloud based Services
 Cross Layers in Cloud Workflows
 Multiple Cloud Applications and also in Data Stores
 Orchestration and Integration for Cloud Applications Deployment

The Best Open Source Cloud Computing Simulators

 CloudSim
 iCanCloud
 GroundSim
 CloudAnalyst
 GreenCloud
 EMUSIM
 iFogSim
 DCSim (Data Centre Simulation)

Best Open Source Cloud Computing Software

 Open Source Cloud Storage Software

o SheepDog
o OpenStack
o Ceph
o GlusterFS
 OpenSource Cloud Compute Cloud
o OpenStack
o OpenNebula
 o Eucalyptus
o Also in Apache CloudStack
 Open Source PaaS Model
o Cloudify
o Stackato
o WSO2 Stratus
o Cloud Foundry
o OpenShift

UNIT - 5
Cloud Computing Security
Security in cloud computing is a major concern. Data in cloud should be stored
in encrypted form. To restrict client from accessing the shared data directly,
proxy and brokerage services should be employed.
Security Planning
Before deploying a particular resource to cloud, one should need to analyze
several aspects of the resource such as:
 Select resource that needs to move to the cloud and analyze its sensitivity to
risk.
 Consider cloud service models such as IaaS, PaaS, and SaaS. These models
require customer to be responsible for security at different levels of service.
 Consider the cloud type to be used such as public, private,
community or hybrid.
 Understand the cloud service provider's system about data storage and its
transfer into and out of the cloud.
The risk in cloud deployment mainly depends upon the service models and
cloud types.
Understanding Security of Cloud
Security Boundaries
A particular service model defines the boundary between the responsibilities of
service provider and customer. Cloud Security Alliance (CSA) stack model
defines the boundaries between each service model and shows how different
functional units relate to each other. The following diagram shows the CSA
stack model:

Key Points to CSA Model

 IaaS is the most basic level of service with PaaS and SaaS next two above
levels of services.
 Moving upwards, each of the service inherits capabilities and security
concerns of the model beneath.
 IaaS provides the infrastructure, PaaS provides platform development
 environment, and SaaS provides operating environment.
 IaaS has the least level of integrated functionalities and integrated security
while SaaS has the most.
 This model describes the security boundaries at which cloud service
provider's responsibilities end and the customer's responsibilities begin.
 Any security mechanism below the security boundary must be built into the
system and should be maintained by the customer.
Although each service model has security mechanism, the security needs also
depend upon where these services are located, in private, public, hybrid or
community cloud.
Understanding Data Security
Since all the data is transferred using Internet, data security is of major
concern in the cloud. Here are key mechanisms for protecting data.
 Access Control
 Auditing
 Authentication
 Authorization
All of the service models should incorporate security mechanism operating in
all above-mentioned areas.
PaaS Cloud Security Threats
o Privilege escalation via API
o Authorization weaknesses in platform services
o Run-time engine vulnerabilities
o Availability disruption through denial-of-service attacks
o Injection flaws
o Broken authentication
o Sensitive data exposure
o XML external entities
o Broken access control
o Security misconfigurations
o Cross-site scripting (XSS)
o Insecure deserialization
o Using components with known vulnerabilities
o Insufficient logging and monitoring
o Data leakage (through inadequate ACL)
o Privilege escalation through misconfiguration
o DoS attack via API
o Privilege escalation via API
o Weak privileged key protection
o Virtual machine (VM) weaknesses
o Insider data theft
Auditing & Compliance in Cloud Computing?
Cloud computing is best defined by the National Institute of Standards and
Technology (NIST). NIST is a portion of the U.S. Department of Commerce with
the mission of encouraging innovation through science, technology, and
standards – including cloud computing. According to NIST, “Cloud computing
is a model for enabling ubiquitous, convenient, on-demand network access to a
shared pool of configurable computing resources (e.g., networks, servers,
storage, applications, and services) that can be rapidly provisioned and
released with minimal management effort or service provider interaction. This
cloud model is composed of five essential characteristics, three service models,
and four deployment models.”
This definition was created to set a baseline for the discussion around cloud
computing. As defined, cloud computing includes the following:

 Five Essential Characteristics – On-demand self-service, broad network

access, resource pooling, rapid elasticity, and measured service.

 Three Service Models – Software-as-a-Service (SaaS), Platform-as-a-

Service (PaaS), and infrastructure-as-a-Service (Iaas).

 Four Deployment Models – Private cloud, community cloud, public cloud,

and hybrid cloud.
The different characteristics, service models, and deployment models can be
shaped and morphed into different resources depending on the needs of the
organization.
Auditing in Cloud Computing
In general, an audit is when a third-party independent group is engaged to
obtain evidence through inquiry, physical inspection, observation, confirmation,
analytics procedures, and/or re-performance.
In a cloud computing audit, a variation of these steps is completed in order to
form an opinion over the design and operational effectiveness of
controls identified in the following areas:

 Communication

 Security incidents

 Network security

 System development or change management

 Risk management

 Data management

 Vulnerability and remediation management

 Tone at the top or leaderships commitment to transparency and ethical

behavior
What is Cloud Compliance?
Cloud compliance is meeting the requirements or criteria needed to meet a
certain type of certification or framework. There are a variety of different types
of compliance that may be required by the industry, including requests for
proposals, clients, etc. The type of cloud security and compliance requirements
will help determine the cloud compliance that is right for an organization.
For example, SOC 2 does not have any specific requirements around cloud
compliance but does have criteria, such as CC6.1 “The entity implements logical
access security software, infrastructure, and architectures over protected
information assets to protect them from security events to meet the entity’s
objectives.” To provide users assurance that the criteria have been met, certain
controls are enabled to show evidence of cloud compliance. Some of these
include security groups to control access to sensitive information, encryption of
information, and regular patching.
Some other cloud compliance programs include:

 FedRAMP

 Cloud Security Alliance (CSA)

 HITRUST

 ISO 27017

 PCI

CLOUD SECURITY ISSUES

All companies face security risks, threats, and challenges every day. Many
think these terms all mean the same thing, but they’re more nuanced.
Understanding the subtle differences between them will help you better
protect your cloud assets.

What is the difference between risks, threats, and challenges?

 A risk is a potential for loss of data or a weak spot.

 A threat is a type of attack or adversary.
 A challenge is an organization’s hurdles in implementing practical cloud
security.

Let’s consider an example: An API endpoint hosted in the cloud and exposed
to the public Internet is a risk, the attacker who tries to access sensitive data
using that API is the threat (along with any specific techniques they could try),
and your organization’s challenge is effectively protecting public APIs while
keeping them available for legitimate users or customers who need them.

A complete cloud security strategy addresses all three aspects, so no cracks

exist within the foundation. You can think of each as a different lens or angle
with which to view cloud security. A solid strategy must mitigate risk (security
controls), defend against threats (secure coding and deployment), and
overcome challenges (implement cultural and technical solutions) for your
business to use the cloud to grow securely.

4 Cloud Security Risks

You cannot completely eliminate risk; you can only manage it. Knowing
common risks ahead of time will prepare you to deal with them within your
environment. What are four cloud security risks?

1. Unmanaged Attack Surface

2. Human Error
3. Misconfiguration
4. Data Breach

1. Unmanaged Attack Surface

An attack surface is your environment’s total exposure. The adoption of

microservices can lead to an explosion of publicly available workload. Every
workload adds to the attack surface. Without close management, you could
expose your infrastructure in ways you don’t know until an attack occurs.

No one wants that late-night call.

Attack surface can also include subtle information leaks that lead to an
attack. For example, CrowdStrike’s team of threat hunters found an attacker
using sampled DNS request data gathered over public WiFi to work out the
names of S3 buckets. CrowStrike stopped the attack before the attackers did
any damage, but it’s a great illustration of risk’s ubiquitous nature. Even
strong controls on the S3 buckets weren’t enough to completely hide their
existence. As long as you use the public Internet or cloud, you’re
automatically exposing an attack surface to the world.

Your business may need it to operate, but keep an eye on it.

2. Human Error

According to Gartner, through 2025, 99% of all cloud security failures will be
due to some level of human error. Human error is a constant risk when
building business applications. However, hosting resources on the public
cloud magnifies the risk.

The cloud’s ease of use means that users could be using APIs you’re not aware
of without proper controls and opening up holes in your perimeter. Manage
human error by building strong controls to help people make the right
decisions.

One final rule — don’t blame people for errors. Blame the process. Build
processes and guardrails to help people do the right thing. Pointing fingers
doesn’t help your business become more secure.
3. Misconfiguration

Cloud settings keep growing as providers add more services over time. Many
companies are using more than one provider.

Providers have different default configurations, with each service having its
distinct implementations and nuances. Until organizations become proficient
at securing their various cloud services, adversaries will continue to
exploit misconfigurations.

4. Data Breaches

A data breach occurs when sensitive information leaves your possession

without your knowledge or permission. Data is worth more to attackers than
anything else, making it the goal of most attacks. Cloud misconfiguration and
lack of runtime protection can leave it wide open for thieves to steal.

The impact of data breaches depends on the type of data stolen. Thieves sell
personally identifiable information (PII) and personal health information
(PHI) on the dark web to those who want to steal identities or use the
information in phishing emails.

Other sensitive information, such as internal documents or emails, could be

used to damage a company’s reputation or sabotage its stock price. No matter
the reason for stealing the data, breaches continue to be an imposing threat
to companies using the cloud.

How To Manage Cloud Security Risks

Follow these tips to manage risk in the cloud:

 Perform regular risk assessments to find new risks.

 Prioritize and implement security controls to mitigate the risks you’ve
identified (CrowdStrike can help).
 Document and revisit any risks you choose to accept.

4 Cloud Security Threats

A threat is an attack against your cloud assets that tries to exploit a

risk. What are four common threats faced by cloud security?

1. Zero-Day Exploits
2. Advanced Persistent Threats
3. Insider Threats
4. Cyberattacks

1. Zero-day Exploits

Cloud is “someone else’s computer.” But as long as you’re using computers

and software, even those run in another organization’s data center, you’ll
encounter the threat of zero-day exploits.

Zero-day exploits target vulnerabilities in popular software and operating

systems that the vendor hasn’t patched. They’re dangerous because even if
your cloud configuration is top-notch, an attacker can exploit zero-day
vulnerabilities to gain a foothold within the environment.

2. Advanced Persistent Threats

An advanced persistent threat (APT) is a sophisticated, sustained cyberattack

in which an intruder establishes an undetected presence in a network to steal
sensitive data over a prolonged time.

APTs aren’t a quick “drive-by” attack. The attacker stays within the
environment, moving from workload to workload, searching for sensitive
information to steal and sell to the highest bidder. These attacks are
dangerous because they may start using a zero-day exploit and then go
undetected for months.

3. Insider Threats

An insider threat is a cybersecurity threat that comes from within the

organization — usually by a current or former employee or other person who
has direct access to the company network, sensitive data and intellectual
property (IP), as well as knowledge of business processes, company policies or
other information that would help carry out such an attack.

4. Cyberattacks

A cyber attack is an attempt by cybercriminals, hackers or other digital

adversaries to access a computer network or system, usually for the purpose
of altering, stealing, destroying or exposing information.

Common cyberattacks performed on companies

include malware, phishing, DoS and DDoS, SQL Injections, and IoT based
attacks.

SaaS Security
SaaS Security refers to securing user privacy and corporate data in
subscription-based cloud applications. SaaS applications carry a large amount
of sensitive data and can be accessed from almost any device by a mass of users,
thus posing a risk to privacy and sensitive information.

Cloud Security Governance

Cloud security governance refers to the management model that facilitates
effective and efficient security management and operations in the cloud
environment so that an enterprise’s business targets are achieved. This model
incorporates a hierarchy of executive mandates, performance expectations,
operational practices, structures, and metrics that, when implemented, result
 in the optimization of business value for an enterprise. Cloud security
governance helps answer leadership questions such as:
 Are our security investments yielding the desired returns?
 Do we know our security risks and their business impact?
 Are we progressively reducing security risks to acceptable levels?
 Have we established a security-conscious culture within the enterprise

Risk Management

Process of Risk Management

Risk management is a cyclically executed process comprised of a set of activities

for overseeing and controlling risks. Risk management follows a series of 5
steps to manage risk, it drives organisations to formulate a better strategy to
tackle upcoming risks. These steps are referred to as Risk Management Process
and are as follows:

 Identify the risk

 Analyze the risk
 Evaluate the risk
 Treat the risk
 Monitor or Review the risk

Now, let us briefly understand each step of the risk management process in
cloud computing.

1. Identify the risk - The inception of the risk management process starts
with the identification of the risks that may negatively influence an
organisation's strategy or compromise cloud system security.
Operational, performance, security, and privacy requirements are
identified. The organisation should uncover, recognise and describe risks
that might affect the working environment. Some risks in cloud
computing include cloud vendor risks, operational risks, legal risks, and
attacker risks.
2. Analyze the risk - After the identification of the risk, the scope of the risk
is analyzed. The likelihood and the consequences of the risks are
determined. In cloud computing, the likelihood is determined as the
function of the threats to the system, the vulnerabilities, and
consequences of these vulnerabilities being exploited. In analysis phase,
the organisation develops an understanding of the nature of risk and its
potential to affect organisation goals and objectives.
3. Evaluate the risk - The risks are further ranked based on the severity of
the impact they create on information security and the probability of
actualizing. The organisation then decides whether the risk is acceptable
or it is serious enough to call for treatment.
4. Treat the risk - In this step, the highest-ranked risks are treated to
eliminate or modified to achieve an acceptable level. Risk mitigation
strategies and preventive plans are set out to minimise the probability of
negative risks and enhance opportunities. The security controls are
 implemented in the cloud system and are assessed by proper assessment
procedures to determine if security controls are effective to produce the
desired outcome.
5. Monitor or Review the risk - Monitor the security controls in the cloud
infrastructure on a regular basis including assessing control
effectiveness, documenting changes to the system and the working
environment. Part of the mitigation plan includes following up on risks to
continuously monitor and track new and existing risks.

The steps of risk management process should be executed concurrently, by

individuals or teams in well-defined organisational roles, as part of the System
Development Life Cycle (SDLC) process. Treating security as an addition to the
system, and implementing risk management process in cloud computing
independent to the SDLC is more difficult process that can incur higher cost
with a lower potential to mitigate risks.

Types of Risks in Cloud Computing

This section involves the primary risks associated with cloud computing.

1. Data Breach - Data breach stands for unauthorized access to the

confidential data of the organisation by a third party such as hackers. In
cloud computing, the data of the organisation is stored outside the
premise, that is at the endpoint of the cloud service provider(CSP). Thus
any attack to target data stored on the CSP servers may affect all of its
customers.
2. Cloud Vendor Security Risk - Every organisation takes services offered
by different cloud vendors. The inefficiency of these cloud vendors to
provide data security and risk mitigation directly affects the
organisation's business plan and growth. Also, migrating from one
vendor to another is difficult due to different interfaces and services
provided by these cloud vendors.
3. Availability - Any internet connection loss disrupts the cloud provider's
services, making the services inoperative. It can happen at both the user's
and the cloud service provider's end. An effective risk management plan
should focus on availability of services by creating redunadancy in
servers on cloud such that other servers can provide those services if one
fails.
4. Compliance - The service provider might not follow the external audit
process, exposing the end user to security risks. If a data breach at the
cloud service provider's end exposes personal data, the organisation may
be held accountable due to improper protection and agreements.

Cloud Security Monitoring

Cloud security monitoring encompasses several processes that allow

organizations to review, manage, and observe operational workflows in a cloud
environment.
Cloud security monitoring combines manual and automated processes to track
and assess the security of servers, applications, software platforms, and
websites.
Cloud security experts monitor and assess the data held in the cloud on an
ongoing basis. They identify suspicious behavior and remediate cloud-based
security threats. If they identify an existing threat or vulnerability, they can
recommend remediations to address the issue quickly and mitigate further
damage.
Benefits of Cloud Security Monitoring
Cloud security monitoring allows you to:
 Maintain compliance – most major regulations, such as PCI DSS and
HIPAA, require monitoring. Organizations using cloud platforms should
leverage observation tools to comply with these regulations and avoid
penalties.
 Discover vulnerabilities – it is important to maintain visibility over your
cloud environments to identify vulnerabilities. You can use an automated
observation tool to quickly send alerts to your IT and security teams and
help them identify suspicious behavior patterns and indicators of
compromise (IoCs).
 Avoid business disruptions – security incidents can disrupt business
operations or force you to shut them down altogether. Disruptions and
data breaches can impact customer trust and satisfaction, so it is
important to monitor your cloud environments to maintain business
continuity and data security and business continuity.
 Protect sensitive data – you can use a cloud security monitoring solution
to perform regular audits and keep your data secure. You can monitor
the health status of your security systems and receive recommendations
for implementing security measures.
 Leverage continuous monitoring and support – A cloud security
management service can monitor your system 24/7. While maintaining
security on-premises requires physical monitoring at regular intervals,
cloud-based services allow you to implement continuous monitoring,
significantly decreasing the risk of letting threats slip unnoticed.

Data security in cloud computing

Cloud data security is the combination of technology solutions, policies,

and procedures that the enterprise implements to protect cloud-based
applications and systems, along with the associated data and user access.

The core principles of information security and data governance—data

confidentiality, integrity, and availability (known as the CIA triad)—also
apply to the cloud:

Confidentiality: protecting the data from unauthorized access and disclosure

Integrity: safeguard the data from unauthorized modification so it can be
trusted
Availability: ensuring the data is fully available and accessible when it’s
needed
These tenets apply regardless of:

Which cloud model the enterprise adopts—public, private, hybrid, or

community clouds
Which cloud computing categories the organization uses—software-as-a-
service (SaaS), platform-as-a-service (PaaS), infrastructure-as-a service
(IaaS), or function-as-a-service (FaaS)
Organizations must consider data security during all stages of cloud
computing and the data lifecycle, from development, deployment, or migration
of applications and systems, to the management of the cloud environment.

Common cloud data security risks

When it comes to data, the cloud poses a variety of risks that the
enterprise must address as part of its security strategy. The biggest risks—as
organizations increasingly rely on the cloud for collecting, storing, and
processing critical data—are cyberattacks and data breaches.

A SailPoint survey, for example, found that 45% of companies that have
implemented IaaS have experienced cyberattacks and 25% have experienced a
data breach. Other research found that IT security professionals cite the
proliferation of cloud services as the second-biggest barrier to their ability to
respond to a data breach, and this challenge has grown in recent years.

Some of the common cloud-related risks that organizations face include:

Regulatory noncompliance—whether it’s the General Protection Data

Regulation (GDPR) or the Healthcare Insurance Portability and
Accountability Act (HIPAA), cloud computing adds complexity to satisfying
compliance requirements.
Data loss and data leaks—data loss and data leaks can result from poor
security practices such as misconfigurations of cloud systems or threats such
as insiders.
Loss of customer trust and brand reputation—customers trust organizations
to safeguard their personally identifiable information (PII) and when a
security incident leads to data compromise, companies lose customer goodwill.
Business interruption—risk professionals around the globe identified business
disruption caused by failure of cloud technology / platforms or supply chains
as one of their top five cyber exposure concerns.
Financial losses—the costs of incident mitigation, data breaches, business
disruption, and other consequences of cloud security incidents can add up to
hundreds of millions of dollars.

Application Security
Application security is the process of developing, adding, and testing
security features within applications to prevent security vulnerabilities against
threats such as unauthorized access and modification.
Types of application security

Different types of application security features include authentication,

authorization, encryption, logging, and application security testing. Developers
can also code applications to reduce security vulnerabilities.

 Authentication: When software developers build procedures into an

application to ensure that only authorized users gain access to it.
Authentication procedures ensure that a user is who they say they are.
This can be accomplished by requiring the user to provide a user name
and password when logging in to an application. Multi-factor
authentication requires more than one form of authentication—the
factors might include something you know (a password), something you
have (a mobile device), and something you are (a thumb print or facial
recognition).
 Authorization: After a user has been authenticated, the user may be
authorized to access and use the application. The system can validate
that a user has permission to access the application by comparing the
user’s identity with a list of authorized users. Authentication must
happen before authorization so that the application matches only
validated user credentials to the authorized user list.
 Encryption: After a user has been authenticated and is using the
application, other security measures can protect sensitive data from
being seen or even used by a cybercriminal. In cloud-based
applications, where traffic containing sensitive data travels between
the end user and the cloud, that traffic can be encrypted to keep the
data safe.
 Logging: If there is a security breach in an application, logging can
help identify who got access to the data and how. Application log files
provide a time-stamped record of which aspects of the application
were accessed and by whom.
 Application security testing: A necessary process to ensure that all of
these security controls work properly.
Virtual Machine Security in Cloud
The term “Virtualized Security,” sometimes known as “security
virtualization,” describes security solutions that are software-based and
created to operate in a virtualized IT environment. This is distinct from
conventional hardware-based network security, which is static and is
supported by equipment like conventional switches, routers, and firewalls.
Virtualized security is flexible and adaptive, in contrast to hardware-based
security. It can be deployed anywhere on the network and is frequently cloud-
based so it is not bound to a specific device.
In Cloud Computing, where operators construct workloads and applications
on-demand, virtualized security enables security services and functions to
move around with those on-demand-created workloads. This is crucial for
virtual machine security. It’s crucial to protect virtualized security in cloud
computing technologies such as isolating multitenant setups in public cloud
settings. Because data and workloads move around a complex ecosystem
including several providers, virtualized security’s flexibility is useful for
securing hybrid and multi-cloud settings.
 Type I Virtualization
In this design, the Virtual Machine Monitor (VMM) sits directly above the
hardware and eavesdrops on all interactions between the VMs and the
hardware. On top of the VMM is a management VM that handles other guest
VM management and handles the majority of a hardware connections. The
Xen system is a common illustration of this kind of virtualization design.
Type II virtualization
In these architectures, like VMware Player, allow for the operation of the
VMM as an application within the host operating system (OS). I/O drivers and
guest VM management are the responsibilities of the host OS.
Identity and Access Management
Identity management—also referred to as identity and access
management (IAM)—is the overarching discipline for verifying a user’s identity
and their level of access to a particular system. Within that scope,
both authentication and access control—which regulates each user’s level of
access to a given system—play vital roles in securing user data.
We interact with authentication mechanisms every day. When you enter a
username and password, use a PIN, scan your fingerprint, or tap your bank
card, your identity is being verified for authentication purposes. Once your
identity is verified, access control is implemented to determine your level of
access. This is important for applications and services that have different levels
of authorization for different users. Access control, for instance, will allow
software administrators to add users or edit profiles while also barring lower-
tier users from accessing certain features and information.
Autonomic Security

Autonomic computing refers to the self-management of complex distributed

computing resources, that can adapt to unpredictable changes with
transparency to operators and users. Security is one of the four key elements of
autonomic computing and includes proactive identification and protection
from arbitrary attacks. The articles cited here describe research into the
security problems associated with a variety of autonomic systems and were
published in the first half of 2014. Topics include autonomic security regarding
vulnerability assessments, intelligent sensors, encryption, services, and the
Internet of Things.
Cloud Advanced Concepts

Cloud management refers to managing the data, security, resources,

performance, storage, backups, applications, deployment, capacity, etc. It is
the responsibility of the cloud service provider to set up, configure and
manage the cloud.

Cloud Management Task

1. Data Flow of the System: There should be a detailed understanding of process
 flow. The process flow describes the movement of data belonging to the
organization through the cloud solution.
2. Service Provider Security Procedure: The customer should know the security
provided by the cloud service provider. The security can include an
encryption policy, multitenant use, employee screening, etc.
3. Vendor lock-In Awareness: The customer may know how to switch to the
cloud service provider. How the organizational data will be exported from
one service provider to another should be known.
4. Monitor Audit Logs: The logs must be audited regularly to know what errors
occurred in the system.
5. Testing and Validation: It is necessary to test the cloud provider's solution
and ensure it is error-free, making the system reliable and robust.
Benefits of Cloud Management
1. Quick Delivery Time: Nowadays, clients need faster service delivery with
proper management. Service providers can do this through proper
management that satisfies their customers.
2. Flexibility: The resource requirements are variable as per the requirement.
The cloud provider should provide the resources with maximum flexibility so
that customers can modify them as per their needs; also, the cost should base
on the pay-per-use model.
3. Security: The data is a leading resource for an organization, and this data
should be handled safely and securely in the environment. It is the
responsibility of the service provider to manage the data with the proper
security mechanisms.
4. Cost Effective: The cloud is used by both small and large organisations. So, it
should be taken care of pricing model. Mostly, the cloud provider should
charge as per the resources used, which is a cost-effective per-per-use model,
and customer needs to pay only for what they use.

While managing the cloud infrastructure, unauthorized access, denial of

service attacks, network eavesdropping, side-channel attacks, etc., computing
threads should be handled using surveillance and management tools.